Skip to main content

Stolen Fortnite Accounts Earn Hackers Millions Per Year

Stolen Fortnite Accounts Earn Hackers Millions Per Year

stolen fortnite accounts $1 million

More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.

Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums.

With Fortnite’s immense popularity skyrocketing over the past few years – it currently has more than 350 million global players – the game is a lucrative target for cybercriminals. So lucrative, in fact, that 2 billion breached accounts have gone up for sale in underground forums so far in 2020 alone, according to a new report.

After tallying the auction sales for several high-end and low-end Fortnite account sellers over a three month period, researchers found that on the high end, sellers averaged $25,000 per week in account sales — roughly $1.2 million per year.

The market for stolen account sales is much larger than just the gaming industry…However, from our research, the black market for the buying and selling of stolen Fortnite accounts is among the most expansive, and also the most lucrative,” said researchers with Night Lion Security in a report last week.

The value of a hacked Fortnite account is centralized around a character’s in-game “skin” (essentially a digital costume), researchers said. Players of the game can purchase these in-game accessories using Fortnite’s currency, called V-Bucks. Some of the skins are rare and worth a lot of money; for instance, the “Recon Expert” skin is one of the most valuable, averaging roughly $2,500 per account.

These Fortnite accounts are initially hacked via simple brute force and password cracking: Username-and-password combinations can be extracted from data breaches of other companies, and checked against Fortnite accounts, as many people reuse passwords.

Cybercriminals have tools that can make these types of techniques even easier. One well-known password cracker in underground hacking circles (known as “DonJuji”) says high-end Fortnite cracking tools can average between 15 and 25 thousand checks per minute (roughly 500 account checks per second), according to the report.

fortnite stolen account  

Epic Games does limit the number of logins allowed per IPs in an attempt to limit password cracking attempts. However, cybercriminals bypass this by utilizing automatic proxy rotation, which creates a new IP for each request. One popular Fortnite account checker called Axenta (costing $15 per month), for instance, provides automatic proxy rotation, as well as a number of other different built-in tools allowing password checking and automatic password-changing.

Cybercriminals then create “logs” of these varying compromised accounts and sell them. These collections, which contain a few thousand stolen accounts, are auctioned in private Telegram channels for anywhere between $10,000 and $50,000. From there, accounts are then extracted from the log and individually posted for sale.

Night Lion Security paints a picture of a sophisticated underground marketplace, with “distributors” initially selling these logs to “resellers,” who then sell them to “consumers.” Many account resellers host their own account shops on sites (like shoppy.gg or atshop.io), which feature a mix of accounts that can be purchased, including NetflixDisney+, HBO Max, and more.


fortnite stolen account

Digital accessories and skins are highly sought after.

This marketplaces are highly organized, even containing customer service and return policies. One site is overseen by a system called “Community Checkup.” Community Checkup, which is made up of a group of five “judges,” keeps track of scammers, sellers, buyers who are breaking community bylaws.

According to the report, video games in general are extremely profitable for cybercriminals, with Roblox, Runescape, and Minecraft also proving to be popular on underground forums.

“We can then confidently predict that an additional 30 percent revenue, or $300 million per year, can be generated by tallying the black-market sales for every other video game in existence, conservatively making the entire hacked video game market a billion dollar a year industry,” said researchers.

Fortnite has previously faced various security issues. In 2018, an array of malicious Android apps purporting to be Fortnite were uncovered accessing cameras, harvesting and wiping device data, and recording audio on victims’ phones. In 2019, Epic Games patched a bug that could have allowed hackers to break into millions of Fortnite accounts and steal virtual currency or resell virtual goods. Also that year, a ransomware called “Syrk” targeted gaming juggernaut Fortnite’s enormous user base, purporting to be a game hack tool.

Comments

Post a Comment

Popular posts from this blog

How to secure PayPal

How to secure PayPal By- Aarti Jatan Your online finances need proper protection. Learn how to secure your PayPal account. With hundreds of millions of users around the world, PayPal has long been an international leader in the electronic payments industry. But as we know, money never fails to attract fraud, especially now, with as much of life as possible taking place online. Here is what you need to do to stay safe when sending or receiving money through PayPal. How secure is PayPal? As a matter of fact, PayPal is quite a reliable platform that maintains a high level of security — and keeps improving it. Thus, the company has an official program deploying white hat hackers to unearth vulnerabilities (the so-called bug bounty), under which it has already paid out almost $4 million since 2018. The program also covers several other services owned by PayPal, such as Venmo. PayPal also treats its users’ data responsibly: It did have one reliably reported leak, in 2017, but the leak invol...
Post a Comment
Read more

Woman dies during a Ransomware attack on a German hospital

Woman dies during a Ransomware attack on a German hospital It could be the first death directly linked to a cybersecurity attack A woman in Germany died during a ransomware attack on the Duesseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. The hospital couldn’t accept emergency patients because of the attack, and the woman was sent to a health care facility around 20 miles away, the Associated Press reported. The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital. Health care facilities are one of the biggest targets for cyberattacks, and cybersecurity experts have warned for years that most hospitals aren’t prepared . They rely heavily on devices, like radiology equipment, that are often connected to the internet. Without those...
Post a Comment
Read more

Five regular checks for SMBs

Five regular checks for SMBs By- Aarti Jatan Five things that, if neglected, can cost SMBs dearly. It is not always economically viable for small and medium-size businesses to maintain a dedicated IT security team, so it often happens that one person is in charge of monitoring the entire infrastructure. Sometimes he or she is not even a permanent, full-time employee. Sure, a good administrator can do a lot, but even a pro might miss something, particularly if issues are mounting and time is short. So, it’s worth establishing a few habits. Here are our Top 5 regular checks. Renew the corporate site security certificate Any website that requests or processes user data must have an SSL certificate. It protects information entered by visitors from being intercepted, and almost all modern browsers  warn  users that sites without an SSL certificate are insecure. That can scare off potential customers. Your website most likely has an SSL certificate, but its validity period is limite...
Post a Comment
Read more